Auth + wallet infrastructure for autonomous agents. Open source. Self-hostable. Policy-enforced at the signing layer.
AI agents need wallet keys, API keys, database credentials. Today these live as plaintext environment variables, one prompt injection away from exfiltration. No spending controls, no audit trail, no kill switch.
Existing embedded-wallet platforms were built for consumer apps, not agents. They're closed source, can't be self-hosted, charge per-transaction fees, and have no concept of policy enforcement or autonomous operation.
Steward sits between agents and everything they access. Four pillars:
Agent / App Steward External
┌─────────────┐ ┌──────────────────────┐ ┌──────────────────┐
│ STEWARD_URL │───>│ Auth (JWT/passkey) │ │ Chains (EVM/Sol) │
│ STEWARD_JWT │ │ Policy Engine │───>│ OpenAI/Anthropic │
│ │ │ Wallet Vault │ │ Any API │
│ No API keys │ │ Secret Vault │ └──────────────────┘
│ No priv keys│ │ Proxy Gateway │
└─────────────┘ │ Audit Log │
└──────────────────────┘
npm install @stwd/sdk
import { StewardClient } from "@stwd/sdk";
const steward = new StewardClient({
baseUrl: "https://api.steward.fi",
apiKey: "stw_your_tenant_key",
tenantId: "my-app",
});
// Create an agent with EVM + Solana wallets
const agent = await steward.createWallet("trading-bot", "Trading Bot");
console.log(agent.walletAddresses); // { evm: "0x...", solana: "..." }
// Sign a transaction (policy-enforced)
const result = await steward.signTransaction("trading-bot", {
to: "0xRecipient",
value: "10000000000000000", // 0.01 ETH
chainId: 8453, // Base
});
See the full Quickstart Guide for auth setup and policies. See the Deployment Guide for self-hosting.
Drop-in React components for login and wallet management:
npm install @stwd/react @stwd/sdk
import { StewardProvider, StewardLogin, StewardAuthGuard } from "@stwd/react";
import "@stwd/react/styles.css";
function App() {
return (
<StewardProvider
client={stewardClient}
auth={{ baseUrl: "https://api.steward.fi" }}
>
<StewardAuthGuard fallback={<StewardLogin methods={["passkey", "email", "google"]} />}>
<Dashboard />
</StewardAuthGuard>
</StewardProvider>
);
}
Components: StewardLogin, StewardAuthGuard, StewardUserButton, StewardTenantPicker, WalletOverview, PolicyControls, ApprovalQueue, SpendDashboard, TransactionHistory.
| Package | Version | Description |
|---|---|---|
@stwd/sdk |
TypeScript client for browser + Node. Zero deps. | |
@stwd/react |
Drop-in React components: login, wallet, policies, approvals. | |
@stwd/eliza-plugin |
ElizaOS integration: sign, transfer, balance, approval evaluator. | |
@stwd/api |
— | Hono REST API. 30+ endpoints, multi-tenant, dual auth. |
@stwd/vault |
— | Wallet + secret encryption. AES-256-GCM, EVM + Solana. |
@stwd/policy-engine |
— | Composable policy evaluation. 6 rule types, 1000+ lines of tests. |
@stwd/proxy |
— | API proxy with credential injection, alias system, audit trail. |
@stwd/auth |
— | Passkeys (WebAuthn), email magic links, SIWE, OAuth. |
@stwd/webhooks |
— | HMAC-signed event delivery with retries. |
@stwd/db |
— | Drizzle ORM schema, migrations, PGLite adapter. |
@stwd/shared |
— | Types, chain metadata, constants. |
Steward runs anywhere. Two options:
Docker (recommended for production):
git clone https://github.com/Steward-Fi/steward.git && cd steward
cp .env.example .env
# Set STEWARD_MASTER_PASSWORD, POSTGRES_PASSWORD, STEWARD_PLATFORM_KEYS,
# STEWARD_SESSION_SECRET, and STEWARD_JWT_SECRET in .env
docker compose up -d
curl http://127.0.0.1:3200/ready
This starts the API (:3200), proxy (:8080), Postgres, and Redis. API migrations run automatically on startup unless SKIP_MIGRATIONS is set.
Embedded mode (no third-party dependencies):
bun run start:local
Uses PGLite (in-process Postgres via WASM). Data persists to ~/.steward/data/. Good for local development, CLI agents, and desktop apps.
Required env vars:
| Variable | Description |
|---|---|
STEWARD_MASTER_PASSWORD |
Derives all vault encryption keys. No recovery if lost. |
DATABASE_URL |
Postgres connection string (not needed in embedded mode) |
STEWARD_SESSION_SECRET |
JWT signing secret (defaults to master password) |
REDIS_URL |
Redis for rate limiting + token store (optional) |
RESEND_API_KEY |
For email magic link auth (optional) |
PASSKEY_RP_ID |
WebAuthn relying party domain (optional) |
GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET |
Google OAuth (optional) |
DISCORD_CLIENT_ID / DISCORD_CLIENT_SECRET |
Discord OAuth (optional) |
Full list in .env.example. See Deployment Guide for production setup.
Ethereum · Base · Polygon · Arbitrum · BSC · Base Sepolia · BSC Testnet · Solana
ElizaOS · Milady · Babylon · Hyperscape · Strata Reserve
See CONTRIBUTING.md for development setup, coding standards, and PR guidelines.
$ claude mcp add steward \
-- python -m otcore.mcp_server <graph>